From 86812b5c0b27984cc0ed4bd086fe8a17f1b7644e Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@bestpractical.com>
Date: Fri, 8 Apr 2011 11:14:27 -0400
Subject: [PATCH] Allow the logout page to specify a URL to redirect to

We pass in $m->notes because %ARGS is passed in wholesale in too many
places, and there is no way to validate the url obtained via %ARGS, due
to the callback.
---
 share/html/Elements/Header    | 3 ++-
 share/html/NoAuth/Logout.html | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/share/html/Elements/Header b/share/html/Elements/Header
index c594f4820f2..1eb7f09f737 100755
--- a/share/html/Elements/Header
+++ b/share/html/Elements/Header
@@ -55,7 +55,8 @@
     <title><%$Title%></title>
 
 % if ($Refresh && $Refresh =~ /^(\d+)/ && $1 > 0) {
-    <meta http-equiv="refresh" content="<% $1 %>" />
+%   my $URL = $m->notes->{LogoutURL}; $URL = $URL ? ";URL=$URL" : "";
+    <meta http-equiv="refresh" content="<% "$1$URL" %>" />
 % }
 
 <link rel="shortcut icon" href="<%RT->Config->Get('WebImagesURL')%>favicon.png" type="image/png" />
diff --git a/share/html/NoAuth/Logout.html b/share/html/NoAuth/Logout.html
index 103ae4fb5ef..fa211005c51 100755
--- a/share/html/NoAuth/Logout.html
+++ b/share/html/NoAuth/Logout.html
@@ -45,7 +45,7 @@
 %# those contributions and any derivatives thereof.
 %#
 %# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => loc('Logout'), Refresh => RT->Config->Get('LogoutRefresh').";URL=$URL" &>
+<& /Elements/Header, Title => loc('Logout'), Refresh => RT->Config->Get('LogoutRefresh') &>
 </div>
 
 <div id="body" class="login-body">
@@ -81,4 +81,5 @@
 }
 
 $m->callback( %ARGS, CallbackName => 'AfterSessionDelete' );
+$m->notes->{LogoutURL} = $URL;
 </%INIT>